Privacy Policy

Last Updated: May 20, 2026 • AUTO MAGIC CAST SRL, CUI 45606628, J28/137/2022

1. Data Controller

The data controller responsible for your personal data is AUTO MAGIC CAST SRL, CUI 45606628, J28/137/2022. You can contact us at [email protected].

2. Data Collection

We collect the following categories of data:

  • Account data — name, email address, hashed password, avatar, timezone.
  • Onboarding data — company name, team size, role, and the first project name and base URL you configure during setup.
  • Billing data — business name, billing address, country, and VAT number provided for invoicing. Payment card details are managed exclusively by Stripe and are never stored on our servers.
  • Technical data — IP address, browser type, device information.
  • API usage data — request bodies, headers, query parameters, and responses from the endpoints you test. These may contain data from your own systems.
  • Third-party API credentials — authentication tokens, API keys, and other credentials you configure to allow API Unit to call your external APIs on your behalf. These are stored in our database and used solely to execute the tests you define.
  • Browser local storage — some operational data (quick request history, chain test drafts, UI preferences) is stored locally in your browser and never transmitted to our servers.

3. Legal Basis for Processing

We process your data on the following legal bases under GDPR Art. 6:

  • Contract performance — to provide the API Unit service you subscribed to, including running tests, storing logs, and sending alerts.
  • Legitimate interest — to monitor platform performance, prevent abuse, and improve the service.
  • Legal obligation — to comply with applicable Romanian and EU law, including tax and financial regulations.

4. Use of Data

Data is used to provide services, send alerts, monitor platform performance, improve services, and provide support. Aggregated metrics (latency, failed/success/skipped tests) are stored permanently. Email alerts are sent for failed tests to the addresses you configure per project.

5. Retention

Request logs are retained for 7, 30, 60, or 90 days depending on your subscription plan. Aggregated statistics are retained indefinitely. Account data, billing information, and stored API credentials are deleted within 30 days of account closure upon request.

6. Cookies

We use cookies strictly necessary for authentication and platform functionality. When you select a pricing plan, a selected_plan cookie is stored in your browser to carry your selection to the registration flow. We do not use advertising or tracking cookies.

7. Third-Party Processors

We share data with trusted third-party processors solely to operate the service. A full list is available at apiunit.io/subprocessors. Key processors include:

  • Stripe — payment processing and subscription billing.
  • Mailjet — transactional email delivery (alerts, account notifications).
  • Hetzner — cloud infrastructure and data storage (Germany, EU).

We do not sell your data to third parties.

8. Data Security

Data is stored securely according to industry best practices. Access is restricted to authorized personnel only. Third-party API credentials you store in the platform are accessible only to the systems that execute your tests.

9. Your Rights (GDPR)

You have the right to access, correct, delete, restrict processing, or request portability of your data. To exercise any of these rights — including requesting account deletion — contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Romanian data protection supervisory authority, ANSPDCP, at dataprotection.ro.

10. Children

API Unit is not directed at children under 16. Users between 16 and 18 may use the platform with parental supervision. Users under 16 require explicit parental consent for data processing in accordance with GDPR. Minors cannot enter into paid agreements; parents or guardians must manage billing.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or by posting a notice on the platform. Continued use of API Unit after changes are posted constitutes your acceptance of the updated policy.